PerimeterX Code Defender™

Protect your website from client-side supply chain attacks

PerimeterX Code Defender provides real-time visibility and granular control into the client-side supply chain attack surface, identifies vulnerabilities and anomalous behavior, and proactively mitigates risk.

Learn More

Stop Client-side Attacks

  • Detect
  • Analyze
  • Mitigate

Client-side JavaScript code is a significant blind side for businesses because it runs on end users’ browsers, outside the protection of legacy security solutions like web application firewalls (WAFs). Malicious first-, third- and nth-party JavaScript can modify page elements, insert fake checkout buttons or skim personally identifiable information (PII) from your website, including credit card numbers and passwords.

Code Defender runs 24/7/365 and provides robust real-time visibility into all scripts, all downstream dependencies and every action taken in users' browsers. It extends website security to the client-side, freeing up application development teams to focus on innovation.

Read Product Brief
Collect Activity Signals

Protect Your Website

Case Study

We wanted to find the anomalies and changes in our client-side scripts. The Code Defender behavioral analysis solution greatly simplifies this process.

Lee TarverSr. Manager, Security Architecture and Engineering, Sally Beauty
Read Case Study

Why PerimeterX

Full Visibility and Control

Comprehensive Client-side Visibility

Gain real-time visibility into first-, third- and Nth-party scripts and detect unauthorized PII access, data exfiltration events and known script vulnerabilities.

Read Press Release

Client-side Mitigation

Provides granular control over legitimate JavaScript so you can block specific actions without blocking the entire script, enabling enforcement of PCI and compliance with privacy regulations. Complements CSP capabilities.

Prevent PII Harvesting
Script Analyzer

Script Analyzer

Gives full visibility into client-side scripts running in your environment, like how scripts are interacting with your site, additional scripts they are interacting with and exposure details.

Install Analyzer


Provides an actionable dashboard that offers an at-a-glance overview and helps teams quickly identify the high-risk PII, PCI, and vulnerability incidents that response teams should prioritize.

Read Case Study
Threat Research Leadership

Threat Research Leadership

The PerimeterX research team conducts proactive research into new threats to identify vulnerable scripts, malicious domains and novel attack techniques. This research is used to continuously improve Code Defender detection and to provide actionable context on alerts.

Read the PerimeterX Blog
Enterprise-level Customer Services

Enterprise-level Customer Services

The PerimeterX security team is available via multiple channels to help you investigate security incidents and provide actionable insights. The team analyzes feedback loops from Code Defender, to proactively mitigate client-side attacks and enabling you to quickly respond to compliance and vulnerability incidents.

Contact Us

Comprehensive Account Protection

The PerimeterX Platform is a set of cloud-native infrastructure and services that powers an award-winning suite of application protection solutions. These solutions prevent the criminal theft, validation and fraudulent use of consumers’ identity and account information on the websites and mobile apps that leverage a PerimeterX solution.

Powered by the PerimeterX Platform

How Code Defender Works

How Code Defender Works
  • Collect

    The PerimeterX Sensor collects activity signals from the client-side browser including interactions with the DOM, network domains and local storage. This information is sent to the cloud-based Detector for analysis. The Sensor does not collect any personal data from the browser.

  • Analyze

    The cloud-based Detector analyzes the client-side activity signals using advanced machine learning models to build a baseline profile for every first-, third- and Nth-party script running on the web page. The Detector flags any changes in script behavior or execution of new scripts and automatically generates alerts.

  • Mitigate

    The out-of-band Enforcer works with your web server or CDN to automatically manage and enforce CSP rules. Updated with continuous intelligence from the Detector, the Enforcer ensures that the CSP prevents scripts from being loaded from unknown domains, and blocks malicious network communication on the client-side browser.

© PerimeterX, Inc. All rights reserved.